
Dutch to MBTA: Sorry CharlieCard. Your crypto is crap-o

Two months after the Massachusetts Bay Transit Authority went to court to …

Back in early August, the Massachusetts Bay Transit Authority successfully prevented a small group of students from giving a presentation at DEFCON that would have highlighted failures in the CharlieCard RFID system that the MBTA currently uses. Although eventually overturned, the injunction and corresponding gag order that the MBTA was temporarily granted did prevent the students from giving their original presentation. Now, ironically, it turns out that all the MBTA's effort was for nothing, as researchers based in the Netherlands have successfully cracked the MIFARE Classic cryptographic cipher that's currently used in multiple mass transit systems across the globe.

In this case, the company behind the MIFARE system, NXP Semiconductor, sued to prevent publication of the group's work, but was denied such relief on the grounds that it would violate the researchers' freedom of expression. The timeline of events, according to the group's full presentation (PDF), is as follows:

MIFARE's vulnerability to attack is of significant concern, given the standard's wide popularity. MIFARE Classic is currently deployed across transit systems, universities (at least in the Netherlands), personnel entrances at Schiphol Airport in Amsterdam, Dutch military bases (the Dutch have a military?) and is apparently part of wireless payment systems in Asia. NXP (formerly Philips Semiconductor) reports that some 1 billion MIFARE cards have been sold worldwide, and that the company's sales account for some 85 percent of the contactless smart card market. The cipher that protects all the hundreds of millions of MIFARE-powered transactions that go on each week is known as CRYPTO-1, and it is proprietary to Philips Semiconductor. CRYPTO-1 relies on a 48-bit secret key, which the researchers were eventually able to crack.

The team researched two separate attacks, both of which are detailed in their report (PDF). The first attack method splits the 48-bit search space into "a k bit online search space and 48−k bit offline search space. To mount this attack, the attacker needs to gather a modest amount of data from a genuine reader. Once this data has been gathered, recovering the secret key is as efficient as a lookup operation on a table. Therefore, it is much more efficient than an exhaustive search over the whole 48 bit key space."

Alternate routes

Suppose, however, that you don't really want to gather a modest amount of data from a genuine reader, or that you dislike looking up values on a table. Luckily for you, the Netherlands group found a second, easier way to hack the system. It turns out that the CRYPTO-1 cipher is what one might call "susceptible" to attack. In the researchers' own words:

The second and more efficient attack uses a cryptographic weakness of the CRYPTO-1 cipher allowing us to recover the internal state of the cipher given a small part of the key stream. To mount this attack, one only needs one or two partial authentications from a reader to recover the secret key within one second, on ordinary hardware. This attack does not require any pre-computation and only needs about 8 MB of memory to be executed. When an attacker eavesdrops communication between a tag and a reader, the same methods enable us to recover all keys used in the trace and decrypt it. This gives us sufficient information to read a card, clone a card, or restore a card to a previous state.

It's little wonder that the MBTA and NXP Semiconductor didn't want this research published. The computer hardware requirements to perform the task are trivial by today's standards, and they were perfectly achievable even back in 1994, when MIFARE was introduced. The research team, all of whom work out of the Institute for Computing and Information Sciences at Radboud University, consider their own work to be distinctly different from previous investigations of MIFARE and CRYPTO-1, though they do note that previous analyses, including an extensive analysis of the MIFARE Classic chip itself, were extremely helpful. The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros.

The upgrade that isn't

The group notes that many, if not all, of the companies and organizations that use MIFARE have additional security procedures and practices in place to thwart theft or hacking attempts, but they note that the ease with which cards can apparently be cloned could present new challenges for these systems. In all fairness to NXP Semiconductor, the company has not been blind to the security flaws within MIFARE (even if it hasn't admitted them), and it has announced that it will introduce an improved MIFARE product, MIFARE Plus, in March of this year. MIFARE Plus will use 128-bit AES encryption rather than the 48-bit CRYPTO-1. NXP is using the new system's backwards compatibility as a major selling point, but unfortunately that capability comes with a cost. MIFARE Plus cards will be substantially more vulnerable to attack when communicating with MIFARE Classic readers, making it an uncertain security replacement at best.

One of the points the MBTA made in its filing was that it didn't want to permanently gag the students, but it "demands that the MIT Undergrads refrain from such disclosure until the MBTA's system vendors have remedied the security flaw the MIT Undergrads have identified." In this case, it seems such an order would, in fact, have remained in place indefinitely. There's no evidence that the flaws in the MIFARE system can actually be fixed, and the next generation of products accepts security flaws in the name of ensuring backwards compatibility. If Justice O'Toole had accepted the MBTA's line of reasoning, the students in question might've found themselves gagged for quite a long time indeed.